With the increasing use of computer systems and the Internet to transact business and store sensitive information, data security has become a source of increased concern to the public. This concern stems from the growing onslaught of computer and Internet crimes committed by unauthorized users gaining entry to these systems. In response, designers have developed various methods and systems, including software application security programs, to prevent unauthorized access to computer systems.
The primary objective of software application security programs is to prevent unauthorized access to application data and transactions. Typical applications are developed and implemented such that multiple security measures are included within the application software and also the enabling infrastructure.
One security method employed by applications is based on user authentication. User authentication requires a person or software application requesting access to an application or data to provide one or more access codes, the most prevalent being a username/password combination. The biggest security weakness in computer networks is poor password selection. In many organizations, employees have to remember between five (5) and ten (10) passwords, and have to change them as frequently as every thirty (30) days. Remembering passwords is a problem, and it is said by some that up to twenty (20) percent of helpdesk calls are password-related.
Many users try to choose the same username and password for all the computer resources (hardware or software), applications or data sources (collectively, systems) they need to access. This synchronization of passwords is often not possible, because different systems might have different and conflicting password construction rules. Also, usernames have to be unique within each system, and this puts further constraints on users who might be using systems administered by outside agencies or business partners, as well as their own company's internal systems. Even if multiple systems permit the use of the same username and password, the breach of one system, and the resulting exposure of the username and password, makes it easier to breach other systems that use the same sign-on designations.
As a result, users must manage an overwhelming number of username and password combinations. This leads to poor security as users choose obvious passwords to make them memorable. It also leads to users forgetting passwords—a time-consuming problem for the parties involved. Alternatively, usernames and passwords may be written down, providing a ready opportunity for theft and usage under appropriate conditions.
Accordingly, there is a need to simplify the sign-on process, using a single, convenient authentication system and methodology that is equally applicable across all systems or applications that a user may wish to access.